VMAC

From Wikipedia, the free encyclopedia
 


VMAC is a block cipher-based message authentication code (MAC) algorithm using a universal hash proposed by Ted Krovetz and Wei Dai in April 2007. The algorithm was designed for high performance backed by a formal analysis. [citation needed]

VMAC is designed to have exceptional performance in software on 64-bit CPU architectures while still performing well on 32-bit architectures. [citation needed] Measured speeds are as fast as one-half CPU cycle per byte (cpb) on 64-bit architectures, under five cpb on desktop 32-bit processors, and around ten cpb on embedded 32-bit architectures.[1] A closely related variant of VMAC that is optimized for 32-bit architectures is given by UMAC.

Overview

VMAC is a MAC in the style of Wegman and Carter.[2][3] A fast "universal" hash function is used to hash an input message M into a short string. [citation needed] This short string is then combined by addition with a pseudorandom pad, resulting in the VMAC tag. Security depends on the sender and receiver sharing a randomly chosen secret hash function and pseudorandom pad. This is achieved by using keyed hash function H and pseudorandom function F. A tag is generated by performing the computation

    Tag = H_{K1}(M) + F_{K2}(Nonce)

where K1 and K2 are secret random keys shared by sender and receiver, and Nonce is a value that changes with each generated tag. The receiver needs to know which nonce was used by the sender, so some method of synchronizing nonces needs to be used. This can be done by explicitly sending the nonce along with the message and tag, or agreeing upon the use of some other non-repeating value such as a sequence number. The nonce need not be kept secret, but care needs to be taken to ensure that, over the lifetime of a VMAC key, a different nonce is used with each message.
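
The tag equation and the nonce rule above, shown as an added example that is not part of the original article or of any VMAC implementation. It is a toy Wegman-Carter MAC in which a polynomial hash stands in for VHASH and truncated HMAC-SHA256 stands in for the AES-based F; both substitutions, and all function names, keys and messages, are assumptions made for illustration. It shows that a repeated nonce makes the pad cancel out of the difference between two tags, and how a receiver that uses a sequence number as the nonce refuses repeats.

```python
import hashlib
import hmac

P = (1 << 61) - 1      # prime modulus of the toy polynomial hash
TAG_MOD = 1 << 64      # 64-bit tags: the pad is added modulo 2^64


def poly_hash(k1: int, msg: bytes) -> int:
    """Stand-in for H_K1: polynomial in k1 over 7-byte chunks (not VHASH)."""
    acc = 1
    for i in range(0, len(msg), 7):
        acc = (acc * k1 + int.from_bytes(msg[i:i + 7], "big")) % P
    return (acc * k1 + len(msg)) % P


def pad(k2: bytes, nonce: bytes) -> int:
    """Stand-in for F_K2: HMAC-SHA256 truncated to 64 bits (VMAC uses AES)."""
    return int.from_bytes(hmac.new(k2, nonce, hashlib.sha256).digest()[:8], "big")


def make_tag(k1: int, k2: bytes, nonce: bytes, msg: bytes) -> int:
    """Tag = H_K1(M) + F_K2(Nonce), reduced to 64 bits."""
    return (poly_hash(k1, msg) + pad(k2, nonce)) % TAG_MOD


def tag_difference(k1, k2, n1, m1, n2, m2) -> int:
    """Difference of two tags mod 2^64; equals H(m1) - H(m2) when n1 == n2."""
    return (make_tag(k1, k2, n1, m1) - make_tag(k1, k2, n2, m2)) % TAG_MOD


class Receiver:
    """Uses a sequence number as the nonce and accepts each one at most once."""

    def __init__(self, k1: int, k2: bytes):
        self.k1, self.k2, self.last_seq = k1, k2, -1

    def verify(self, seq: int, msg: bytes, tag: int) -> bool:
        if not self.last_seq < seq < TAG_MOD or not 0 <= tag < TAG_MOD:
            return False                  # repeated/old nonce or malformed tag
        expected = make_tag(self.k1, self.k2, seq.to_bytes(8, "big"), msg)
        if not hmac.compare_digest(expected.to_bytes(8, "big"), tag.to_bytes(8, "big")):
            return False
        self.last_seq = seq               # advance only after a valid tag
        return True


# Constructed sample keys and messages, for illustration only.
K1, K2 = 0x1234567890ABCDEF % P, b"constructed-prf-key"
M1, M2 = b"transfer 10 to alice", b"transfer 99 to mallory"
```

With the same nonce, `tag_difference` depends only on the hash key, which is why the nonce must never repeat under one VMAC key.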

VMAC uses a function, called VHASH (also specified in this document), as the keyed hash function H and uses a pseudorandom function F whose default implementation uses the AES block cipher. VMAC allows for tag lengths of any 64-bit multiple up to the block size of the block cipher in use. When using AES, this means VMAC can produce 64- or 128-bit tags.

The theory of Wegman-Carter MACs and the analysis of VMAC show that if one "instantiates" VMAC with truly random keys and pads then the probability that an attacker (even a computationally unbounded one) produces a correct tag for messages of its choosing is less than 1/2^60 or 1/2^120 when the tags are of length 64 or 128 bits, respectively. When an attacker makes N forgery attempts the probability of getting one or more tags right increases linearly to less than N/2^60 or N/2^120. In an applied implementation of VMAC, using AES to produce keys and pads, these forgery probabilities increase by a small amount related to the security of AES. As long as AES is secure, this small additive term is insignificant for any practical attack. See specification for more details. Analysis of VMAC security has been carried out by authors Wei Dai and Ted Krovetz. [citation needed][4]

Implementations

References

  1. T. Krovetz and W. Dai (2007). "VMAC: Message Authentication Code using Universal Hashing". CFRG Working Group. IETF. Retrieved 2010-08-12.
  2. J. Carter; M. Wegman (1977). "Universal classes of hash functions (Extended Abstract)". Proceedings of the ninth annual ACM symposium on Theory of computing - STOC '77. ACM. pp. 106–112. doi:10.1145/800105.803400. S2CID 1302091.
  3. J. Carter; M. Wegman (1981). "New hash functions and their use in authentication and set equality". Journal of Computer and System Sciences. 22 (3): 265–279. doi:10.1016/0022-0000(81)90033-7.
  4. T. Krovetz (2007). "Message Authentication on 64-Bit Architectures" (PDF). Selected Areas in Cryptography. Lecture Notes in Computer Science. Vol. 4356. Springer-Verlag. pp. 327–341. doi:10.1007/978-3-540-74462-7_23. ISBN 978-3-540-74461-0. ISSN 0302-9743.
  5. "vmac.h (source code)". Retrieved 2022-11-13.
  6. "vmac.c (source code)". Retrieved 2022-11-13.
  7. "Crypto++: vmac.h Source File". www.cryptopp.com.
  8. "Crypto++: vmac.cpp Source File". www.cryptopp.com.
  9. Krovetz, Ted (2007-04-22). "An unoptimized, straightforward reference implementation of VMAC". Retrieved 2022-11-13.

External links


    Retrieved from "https://en.wikipedia.org/w/index.php?title=VMAC&oldid=1182534524"




    This page was last edited on 29 October 2023, at 22:32 (UTC).

    Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.


